Packages changed:
  blog (2.27 -> 2.28)
  dialog
  erofs-utils
  firewalld (2.0.1 -> 2.0.2)
  fontconfig
  fonts-config (20200609+git0.42e2b1b -> 20230604+git0.630c8206607c)
  jasper (4.1.0 -> 4.1.1)
  kernel-firmware (20231127 -> 20231128)
  kernel-source (6.6.2 -> 6.6.3)
  libavif (1.0.0 -> 1.0.2)
  ncurses (6.4.20231111 -> 6.4.20231125)
  netcfg
  openssh
  polkit-default-privs (1550+20231103.3b4a82f -> 1550+20231129.269abcd)
  python-psycopg2 (2.9.7 -> 2.9.9)
  qemu (8.1.2 -> 8.1.3)
  rdma-core (48.0 -> 49.0)
  unar (1.10.7 -> 1.10.8)
  update-alternatives (1.22.0 -> 1.22.1)
  usbutils
  vim (9.0.2103 -> 9.0.2136)
  xfce4-whiskermenu-plugin (2.8.1 -> 2.8.2)

=== Details ===

==== blog ====
Version update (2.27 -> 2.28)
Subpackages: blog-plymouth libblogger2

- Update to version 2.28
  * UTMP support is gone, remove dependency also add support for
    initramfs at shutdown.

==== dialog ====
Subpackages: dialog-lang libdialog15

- don't install config file, dialog has built in defaults anyway
- add support for /usr/etc (dialog-1.3-usretc.diff)

==== erofs-utils ====

- Enable lzma/xz compression; make `mkfs.erofs -z lzma` work.

==== firewalld ====
Version update (2.0.1 -> 2.0.2)
Subpackages: firewalld-bash-completion firewalld-lang python3-firewall

- update to 2.0.2:
  * fix(policy): runtime dispatch update if *-zone=ANY (e8b9637)
  * fix(nm): release NM client after a timeout (d534f07)

==== fontconfig ====
Subpackages: fontconfig-lang libfontconfig1

- Run autoreconf for Leap 15.x to fix build breakage

==== fonts-config ====
Version update (20200609+git0.42e2b1b -> 20230604+git0.630c8206607c)

- Update to 20230604+git0.630c8206607c:
  * Fix uninitialised use of the HOME environment variable
    (bsc#1086804,bsc#1210700)
  * font match and pattern match can't put in one file.
  * source han are packaged nowadays, no need to give alias;
    just give CFF fontformat fonts in zh-/ja/ko hintfull
  * split 59-family-prefer-lang-specific to cjk/noto and raw,
    the former two may be generated by scripts in later version
  * emoji support(part1): add emoji family
  * delete 10-group-tt*.conf, since fontconfig 2.14 introduces
    09-autohint-if-no-hinting.conf (bsc#1217542)
  * Fix fonts-config does not read user config with `-u` option given
  * widen comparison operator for emoji fonts
- Fix typos in the configs:
  0001-Fix-typos-in-32-emoji-reject.conf-and-59-family-pref.patch
- Enable 09-autohint-if-no-hinting.conf from fontconfig

==== jasper ====
Version update (4.1.0 -> 4.1.1)

- Update to 4.1.1:
  * Disallow in-source builds by default #364
  * Fix a potential integer overflow problem in the
    jas_get_total_mem_size function (for the Windows platform) #363

==== kernel-firmware ====
Version update (20231127 -> 20231128)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20231128 (git commit d9f6088f7e91):
  * Add a COPYOPTS variable
  * rtl_bt: Update RTL8852A BT USB firmware to 0xDFC8_145F

==== kernel-source ====
Version update (6.6.2 -> 6.6.3)

- Linux 6.6.3 (bsc#1012628).
- locking/ww_mutex/test: Fix potential workqueue corruption
  (bsc#1012628).
- btrfs: abort transaction on generation mismatch when marking
  eb as dirty (bsc#1012628).
- lib/generic-radix-tree.c: Don't overflow in peek()
  (bsc#1012628).
- x86/retpoline: Make sure there are no unconverted return thunks
  due to KCSAN (bsc#1012628).
- perf/core: Bail out early if the request AUX area is out of
  bound (bsc#1012628).
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
  (bsc#1012628).
- selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
  (bsc#1012628).
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak
  (bsc#1012628).
- clocksource/drivers/timer-atmel-tcb: Fix initialization on
  SAM9 hardware (bsc#1012628).
- srcu: Only accelerate on enqueue time (bsc#1012628).
- smp,csd: Throw an error if a CSD lock is stuck for too long
  (bsc#1012628).
- cpu/hotplug: Don't offline the last non-isolated CPU
  (bsc#1012628).
- workqueue: Provide one lock class key per work_on_cpu() callsite
  (bsc#1012628).
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory
  size (bsc#1012628).
- wifi: plfxlc: fix clang-specific fortify warning (bsc#1012628).
- wifi: ath12k: Ignore fragments from uninitialized peer in dp
  (bsc#1012628).
- wifi: mac80211_hwsim: fix clang-specific fortify warning
  (bsc#1012628).
- wifi: mac80211: don't return unset power in
  ieee80211_get_tx_power() (bsc#1012628).
- atl1c: Work around the DMA RX overflow issue (bsc#1012628).
- bpf: Detect IP == ksym.end as part of BPF program (bsc#1012628).
- wifi: ath9k: fix clang-specific fortify warnings (bsc#1012628).
- wifi: ath12k: fix possible out-of-bound read in
  ath12k_htt_pull_ppdu_stats() (bsc#1012628).
- wifi: ath10k: fix clang-specific fortify warning (bsc#1012628).
- wifi: ath12k: fix possible out-of-bound write in
  ath12k_wmi_ext_hal_reg_caps() (bsc#1012628).
- ACPI: APEI: Fix AER info corruption when error status data
  has multiple sections (bsc#1012628).
- net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
  (bsc#1012628).
- wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15
  Pro (2023) (bsc#1012628).
- wifi: mt76: fix clang-specific fortify warnings (bsc#1012628).
- net: annotate data-races around sk->sk_tx_queue_mapping
  (bsc#1012628).
- net: annotate data-races around sk->sk_dst_pending_confirm
  (bsc#1012628).
- wifi: ath12k: mhi: fix potential memory leak in
  ath12k_mhi_register() (bsc#1012628).
- wifi: ath10k: Don't touch the CE interrupt registers after
  power up (bsc#1012628).
- net: sfp: add quirk for FS's 2.5G copper SFP (bsc#1012628).
- vsock: read from socket's error queue (bsc#1012628).
- bpf: Ensure proper register state printing for cond jumps
  (bsc#1012628).
- wifi: iwlwifi: mvm: fix size check for fw_link_id (bsc#1012628).
- Bluetooth: btusb: Add date->evt_skb is NULL check (bsc#1012628).
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1012628).
- ACPI: EC: Add quirk for HP 250 G7 Notebook PC (bsc#1012628).
- tsnep: Fix tsnep_request_irq() format-overflow warning
  (bsc#1012628).
- gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
  (bsc#1012628).
- platform/chrome: kunit: initialize lock for fake ec_dev
  (bsc#1012628).
- of: address: Fix address translation when address-size is
  greater than 2 (bsc#1012628).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad
  X120e (bsc#1012628).
- drm/gma500: Fix call trace when psb_gem_mm_init() fails
  (bsc#1012628).
- drm/amdkfd: ratelimited SQ interrupt messages (bsc#1012628).
- drm/komeda: drop all currently held locks if deadlock happens
  (bsc#1012628).
- drm/amd/display: Blank phantom OTG before enabling
  (bsc#1012628).
- drm/amd/display: Don't lock phantom pipe on disabling
  (bsc#1012628).
- drm/amd/display: add seamless pipe topology transition check
  (bsc#1012628).
- drm/edid: Fixup h/vsync_end instead of h/vtotal (bsc#1012628).
- md: don't rely on 'mddev->pers' to be set in mddev_suspend()
  (bsc#1012628).
- drm/amdgpu: not to save bo in the case of RAS err_event_athub
  (bsc#1012628).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm
  code (bsc#1012628).
- drm/amdgpu: update retry times for psp vmbx wait (bsc#1012628).
- drm/amd: Update `update_pcie_parameters` functions to use
  uint8_t arguments (bsc#1012628).
- drm/amd/display: use full update for clip size increase of
  large plane source (bsc#1012628).
    ... changelog too long, skipping 797 lines ...
- commit 1be1eb4

==== libavif ====
Version update (1.0.0 -> 1.0.2)

- update to 1.0.2:
  * Update avifCropRectConvertCleanApertureBox() to the revised
    requirements in ISO/IEC 23000-22:2019/Amd. 2:2021 Section
    7.3.6.7.
  * CVE-2023-6350: Out of bounds memory to alphaItemIndices (boo#1217614)
  * CVE-2023-6351: use-after-free in colorProperties (boo#1217615)
- drop fix-gdkpixbuf.patch

==== ncurses ====
Version update (6.4.20231111 -> 6.4.20231125)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20231125
  + add information about "ttycap", termcap's forerunner, to tset.1
    (patch by Branden Robinson).
  + improve formatting/style of manpages, including section reordering
    (patches by Branden Robinson).
  + modify usage messages in configure script, bracketing optional values
    (report by Branden Robinson).
- Add ncurses patch 20231121
  + amend fix for Debian #1055882, correcting nul terminator check in
    waddnstr (Debian #1056340).
- Add ncurses patch 20231118
  + improve description of length-parameter and error-returns in several
    manpages:  curs_addchstr.3x, curs_addstr.3x, curs_addwstr.3x,
    curs_in_wch.3x, curs_in_wchstr.3x, curs_inchstr.3x, curs_ins_wstr.3x,
    curs_insstr.3x, curs_instr.3x, curs_inwstr.3x
  + amend parameter check for entire string versus specific length in
    winsnstr() and wins_nwstr() to match Solaris.
  + make similar correction to wins_nwstr().
  + correct loop termination condition in waddnstr() and waddnwstr()
    (Debian #1055882, cf: 20201205).

==== netcfg ====

- Fix syntax of localhost entries in hosts [bsc#1217355]
- Remove empty netgroup example file from /etc [jsc#PED-240].
  NIS, the main consumer, got already dropped.
- Remove empty ethers example file, /usr/etc should not contain
  examples, for the format there is the manual page, does not
  support IPv6.

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Enhanced SELinux functionality. Added
  * openssh-7.8p1-role-mls.patch
    Proper handling of MLS systems and basis for other SELinux
    improvements
  * openssh-6.6p1-privsep-selinux.patch
    Properly set contexts during privilege separation
  * openssh-6.6p1-keycat.patch
    Add ssh-keycat command to allow retrival of authorized_keys
    on MLS setups with polyinstantiation
  * openssh-6.6.1p1-selinux-contexts.patch
    Additional changes to set the proper context during privilege
    separation
  * openssh-7.6p1-cleanup-selinux.patch
    Various changes and putting the pieces together
  For now we don't ship the ssh-keycat command, but we need the patch
  for the other SELinux infrastructure
  This change fixes issues like bsc#1214788, where the ssh daemon
  needs to act on behalf of a user and needs a proper context for this

==== polkit-default-privs ====
Version update (1550+20231103.3b4a82f -> 1550+20231129.269abcd)

- Update to version 1550+20231129.269abcd:
  * profiles: whitelist cinnamon-settings-daemon wacom-oled-helper (bsc#1217532)

==== python-psycopg2 ====
Version update (2.9.7 -> 2.9.9)

- update to 2.9.9:
  * Add support for Python 3.12.
  * Drop support for Python 3.6.
  * Wheel package bundled with PostgreSQL 16 libpq in order to
    add support for recent features, such as ``sslcertmode``.

==== qemu ====
Version update (8.1.2 -> 8.1.3)
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86

- Align to upstream stable release. It includes many of the patches we had
  backported ourself, to fix bugs and issues, plus more. See here for details:
  * https://lore.kernel.org/qemu-devel/1700589639.257680.3420728.nullmailer@tls.msk.ru/
  * https://gitlab.com/qemu-project/qemu/-/commits/stable-8.1?ref_type=heads
  An (incomplete!) list of such backports is:
  * Update version for 8.1.3 release
  * hw/mips: LOONGSON3V depends on UNIMP device
  * target/arm: HVC at EL3 should go to EL3, not EL2
  * s390x/pci: only limit DMA aperture if vfio DMA limit reported
  * target/riscv/kvm: support KVM_GET_REG_LIST
  * target/riscv/kvm: improve 'init_multiext_cfg' error msg
  * tracetool: avoid invalid escape in Python string
  * tests/tcg/s390x: Test LAALG with negative cc_src
  * target/s390x: Fix LAALG not updating cc_src
  * tests/tcg/s390x: Test CLC with inaccessible second operand
  * target/s390x: Fix CLC corrupting cc_src
  * tests/qtest: ahci-test: add test exposing reset issue with pending callback
  * hw/ide: reset: cancel async DMA operation before resetting state
  * target/mips: Fix TX79 LQ/SQ opcodes
  * target/mips: Fix MSA BZ/BNZ opcodes displacement
  * ui/gtk-egl: apply scale factor when calculating window's dimension
  * ui/gtk: force realization of drawing area
  * ati-vga: Implement fallback for pixman routines
  * ...
- Backports and bugfixes:
  * [openSUSE] Make Sphinx build reproducible (boo#1102408)
  * target/s390x/arch_dump: Add arch cleanup function for PV dumps (bsc#1217227)
  * dump: Add arch cleanup function (bsc#1217227)
  * target/s390x/dump: Remove unneeded dump info function pointer init (bsc#1217227)

==== rdma-core ====
Version update (48.0 -> 49.0)
Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd

- Update to v49.0 (jsc#PED-6891, jsc#PED-6864, jsc#PED-6839, jsc#PED-6836,
    jsc#PED-6828, jsc#PED-6824, jsc#PED-6958, jsc#PED-6943, jsc#PED-6933, jsc#PED-6916)
  - No release notes available.

==== unar ====
Version update (1.10.7 -> 1.10.8)

- Update to version 1.10.8
  * Fix a major memory leak in CSBzip2Handle
  * Fix Quarantine attribute for created directories
  * Fix crash corrupted iso
  * Fix crash during unarchive sitx format with symlink on
    deleted file
  * Implement Clang modules support
  * [TUN-189] Add Alternarive CRC calcuation for Mac Binary
    format
  * [WARC-1] Add basic support of WARC 1.1 archives
  * [TUN-138] Fix case with directories in Solid RAR5 archives
  * [TUN-184] Fix old archives with RAR 1.5
- Update source URL
- Add universal-detector as source

==== update-alternatives ====
Version update (1.22.0 -> 1.22.1)

- Update to version 1.22.1.
  The full changelog is very large. Please check it here:
  https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/debian/changelog?h=1.22.1
- Refresh update-alternatives-suse.patch so it applies cleanly.

==== usbutils ====

- Split out devel package, containing the .pc file:
  + The .pc file declares dependencies on other devel packages,
    which is not wanted on regular end-user systems.
  + Drop rpmlintrc file.

==== vim ====
Version update (9.0.2103 -> 9.0.2136)
Subpackages: vim-data vim-data-common xxd

- Update to version 9.0.2136
  * MSVC errorformat can be improved
  * No test for mode() when executing Ex commands
  * Revise Makefile
  * Update syntax file
  * ml_get error when scrolling
  * Cannot detect overstrike mode in Cmdline mode
  * Duplicate Netbeans Error Message
  * not all nushell files detected
  * Updated German translations
  * add additional nginx keywords
  * add Make_mvc.mak file for tutor
  * updated Russian translations for tutorials
  * updated Italian translation
  * some errors with translation Makefiles
  * [security]: use-after-free in call_dfunc()
  * Update doc Makefiles with comments from #13567
  * add indentation plugin (fixes #13574)
  * runtime(swig): add syntax and filetype plugins
  * translation Makefiles can be improved
  * unused assignments when checking 'listchars'
  * File info disappears when 'cmdheight' has decreased
  * INT overflow detection logic can be simplified
  * Problem with initializing the length of range() lists
  * [security]: prevent overflow in indenting
  * [security]: use-after-free in ex_substitute
  * Fix handling of very long filename on longlist style
  * un-used assignment in do_source_buffer_init
  * remove dead-condition in ex_class
  * [security]: avoid double-free in get_style_font_variants
  * [security] use-after-free in qf_free_items
  * expand $COMSPEC without applying 'wildignore'
  * Improve keymap file highlighting
  * include new doc-Makefiles
  * Fix whitespace and formatting of some help files
  * minor typo fixes
  * No test for defining sign without attribute
  * crash when callback function aborts because of recursiveness
  * overflow detection not accurate when adding digits
  * Coverity warns for another overflow in shift_line()
  * Refactor doc-Makefiles
  * document proper notation of gVim, document vim-security list
  * Update Serbian messages translation
  * [security]: overflow in shift_line
  * [security]: overflow in get_number
  * [security]: overflow in ex address parsing
  * [security]: overflow in nv_z_get_count
  * [security]: overflow with count for :s command
  * [security]: FPE in adjust_plines_for_skipcol
  * [security]: Use-after-free in win_close()
  * comment out strange error condition check
  * skipcol not reset when topline changed
  * wast filetype should be replaced by wat filetype
  * fix typo in pi_gzip.txt

==== xfce4-whiskermenu-plugin ====
Version update (2.8.1 -> 2.8.2)
Subpackages: xfce4-whiskermenu-plugin-lang

- Update to version 2.8.2
  * Fix crash when searching. (Issue #120)
  * Translation updates